| commit | 678f9f9f070134f62b49b833b2f5364c660a530f | |
| author | Love Hornquist Astrand <lha@h5l.org> | |
| Sun, 11 Oct 2009 15:46:53 +0000 (11 08:46 -0700) | ||
| committer | Love Hornquist Astrand <lha@h5l.org> | |
| Sun, 11 Oct 2009 15:46:53 +0000 (11 08:46 -0700) | ||
| tree | 995c1e18067b89c9f4ec1b7a8ffed17dae25e724 | treesnapshot (tar.gz zip) |
| parent | 8e08aa0a15ef8a6fec5b94daeea0f0b111ca1e7c | commitdiff |
[HEIMDAL-533] KDC sends TGS-REP encrypted in session key not authenticator
From RFC 4120, page 35
In preparing the authentication header, the client can select a sub-
session key under which the response from the Kerberos server will be
encrypted. If the client selects a sub-session key, care must be
taken to ensure the randomness of the selected sub-session key.
The client library alread handle this case.
Thanks to Sam Hartman to report this though Debian
From RFC 4120, page 35
In preparing the authentication header, the client can select a sub-
session key under which the response from the Kerberos server will be
encrypted. If the client selects a sub-session key, care must be
taken to ensure the randomness of the selected sub-session key.
The client library alread handle this case.
Thanks to Sam Hartman to report this though Debian
| kdc/kerberos5.c | diffblobblamehistory | |
| kdc/krb5tgs.c | diffblobblamehistory |